Hackers

Facebook’s decided to stand up and bulk up its security. TechCrunch reports that soon the social media giant’s desktop users will be required to confirm their accounts with a mobile phone number. In case of a hack attempt, a new password will be generated and sent to users via SMS. That way, Facebook avoids the usual email vulnerabilities. This measure is understandable. For Facebook, it’s been hard to handle spam and other bad things when they have to manage a…

LulzSec Reborn hackers have compromised 10,000 Twitter accounts in a bid to prove that Twitter apps can be weak. The hackers exposed sensitive information like user names, passwords, real names, locations, bios, avatars and even secret tokens used for authentication. All 10,000 Twitter accounts have something in common — they all used TweetGif, an application that allows users to share animated GIFs. Sadly, LulzSec Reborn published a link on Pastebin to a TweetGif users table file, which can be…

Got a LinkedIn account? Change your password ASAP. Hackers have reportedly broken into LinkedIn’s user accounts, stealing 6.5 million encrypted passwords and posting them to a Russian site, says TNW, citing a European security researcher. The hackers apparently posted the passwords to the site and called for help in cracking the encryption. Once in the account, the bad guys could potentially have access to a user’s personal data and possibly their credit card information, if it’s for LinkedIn services. LinkedIn,…

Usually, the daily newspapers don’t excel when it comes to security coverage, but this week the Washington Post has some great reporting and stories under the “Zero Day” moniker. Besides interviews with hackers, security professionals and others, there’s a lot of colorful behind-the-scenes details that I haven’t seen very often, even in security or IT trade publications. The series delves into the inner workings of the four zero-day attacks in Stuxnet, quotes from extreme hacker Charlie Miller of St. Louis…

A highly complex Stuxnet-like, targeted attack is appearing across many Middle Eastern computers. It’s not only going after particular organizations, but it’s also targeting personal computers that use home Internet connections. The malware, which goes by the names Flamer or Skywiper, is very hard to track down, but has some pretty wide-ranging effects. Flamer has the ability to steal documents, take screenshots of users’ desktops, spread via USB flash drives, disable security vendor products, and under certain conditions spread to…

Our sister site ClearanceJobs shows a job posting for a few good hackers who’ll conduct some cyberwarfare for defense contractor Northrop Grumman. The openings are in suburban D.C., Colorado Springs and Sacramento. Besides knowing something about Java, agile development techniques and having other technical chops, you’d also need a Secret clearance. Also listed is “knowledge of security research tools like Metasploit, WorldWind, [and] Google Earth.” Since when did Google Earth become a security tool? We must have missed that…

When the bad guys contacted Noah Magram to sell him some bogus anti-virus software, they were toying with the wrong dude. Magram is a principal software engineer for security firm Sourcefire. Oops. The scammers told Magram he needed to update his software to prevent his PC from getting infections. And since this call came out of the blue, he was not only skeptical but also smart. Magram fired up a Windows VM session and let the caller have at it. In…

GroupOn’s Aaron Bedra, a senior software engineer, wants to unleash developers’ inner hacker when they’re building secure Web sites. For Bedra, it takes roughly eight minutes to find a glaring security hole in another programmer’s code. As a result, he recently tackled the topic “Unleashing Your Inner Hacker” at Future Insights Live in Las Vegas. He noted the top ten reported attacks haven’t changed much over a three-year period ending in 2010, yet some of the attacks continue to get…

MilitarySingles.com’s treasure trove of user passwords recently came under attack by hackers, who devised a new twist in exploiting a weakness in the upload filter for user-generated content. Security vendor Imperva dissected this interesting attack in their report and it’s a worthwhile read. Hackers were able to obtain more than 170,000 records from the site by uploading malware using a Remote File Inclusion exploit in March. While this isn’t anything new, the unusual aspect of this attack is how passwords…

Is hacking at risk? With more platforms creating closed environments, what does that mean for the future of hackability? Hacking is critical for innovation and development, and now that the world is made of computers (what device doesn’t have a chip in it?) hacking has the power to innovate practically everywhere and affect our lives. “I love to make things that help other people make things,” says Adam Wiggins (@hirodusk), founder of the cloud application platform Heroku and a self-proclaimed…